Chief Information Security Officer
Warsaw, Masovian Voivodeship, Poland
Solvd, Inc.
10. 4. 2025
About the position

Solvd is a global IT services organization with 800+ professionals delivering software development, QA, and digital transformation solutions. Our distributed teams operate across 8 delivery centers, serving enterprise clients in fintech, healthcare, and logistics. Security and compliance are foundational to our client partnerships.

We seek a strategic Chief Information Security Officer (CISO) with 8+ years of leadership experience to design, implement, and manage our global security program. This role will ensure SOC 2 and ISO 27001 compliance, secure our software delivery lifecycle (SDLC), and safeguard client data across a distributed workforce.

Responsibilities:

  • Lead SOC 2 Type II audits and ISO 27001 certification processes, ensuring alignment with AICPA Trust Services Criteria and Annex A controls.
  • Develop policies for data privacy (GDPR, CCPA), secure coding, and third-party risk management.
  • Build a scalable security framework for 800+ engineers, QA teams, and DevOps pipelines.
  • Implement DevSecOps practices, including SAST/DAST tools, container security, and cloud posture management (AWS/Azure/GCP).
  • Conduct biannual risk assessments across global delivery centers and client-facing systems.
  • Mitigate threats like supply chain attacks, insider risks, and API vulnerabilities.
  • Manage a distributed team of security analysts, GRC specialists, and incident responders.
  • Foster a security-first culture through training programs and phishing simulations.
  • Oversee a 24/7 SOC, including log monitoring (SIEM), threat hunting, and breach containment.
  • Maintain disaster recovery plans with <2h RTO/RPO for critical systems.
  • Collaborate with sales/pre-sales teams to address security questionnaires and RFPs.
  • Audit third-party vendors (e.g., cloud providers, CI/CD tools) for compliance.

Mandatory Requirements:

  • 8+ years in information security leadership, preferably in IT services or SaaS.
  • Proven success in achieving SOC 2 and ISO 27001 certifications.
  • Expertise in securing global teams (1,000+ employees) and multi-cloud environments.
  • Technical proficiency.
  • Fluency in English.

Optional Requirements:

  • Secure SDLC frameworks (OWASP SAMM, BSIMM).
  • Infrastructure-as-code (Terraform) and Kubernetes security.
  • Compliance automation tools (Drata, Vanta, Tugboat Logic).
  • Certifications: CISSP, CISM, ISO 27001 Lead Auditor, or equivalent.
